Clicking a search result silently redirects you through hidden chains to a phishing or fraud site
Criminals abuse traffic-distribution systems (TDS) to redirect victims through invisible chains when they click a normal-looking search result, ad, or compromised website, delivering tailored phishing pages, fake login portals, or malware.
Also known as: malicious TDS redirect, traffic distribution system scam, SEO poisoning redirect, malicious ad redirect fraud, browser redirect to phishing
Already happened to you? Do this in the next few minutes
- 1 Call your bank or card's fraud line right now. Use the number on the back of your card — not any number from the message or caller. Ask them to stop or reverse the payment and freeze the account.
- 2 If you paid by gift card, wire, or an app (Zelle, Venmo, Cash App): contact that company immediately and report it as fraud. Acting fast sometimes recovers the money.
- 3 Report to the FBI at ic3.gov and the FTC at reportfraud.ftc.gov. The sooner, the better.
- ! If you installed any "support", "server", "refund", or remote-access app at their request (AnyDesk, TeamViewer, Quick Support, etc.): disconnect the internet now, then run free SeraphSecure (https://www.seraphsecure.com) to detect and remove it.
What to do right now
- 1 If you entered login credentials on a redirected page, change those passwords immediately from a clean device and enable MFA on the affected accounts
- 2 If you downloaded anything after being redirected, disconnect from the internet and run a full antivirus scan before reconnecting
- 3 For banking, government, or healthcare sites, type the URL directly into your browser address bar — never rely on clicking a search result or sponsored ad
- 4 Use a browser with real-time phishing protection (Chrome's Safe Browsing, Edge's SmartScreen) — these warn when TDS chains resolve to known malicious destinations
- 5 If you installed any 'support' or 'server' or 'refund app' or remote-access app at the scammer's request (AnyDesk, TeamViewer, Quick Support, etc.), run free SeraphSecure (https://www.seraphsecure.com) to detect and remove it.
- 6 Report to the FTC at https://reportfraud.ftc.gov and the FBI's IC3 at https://www.ic3.gov.
Was remote-access software installed?
If a scammer asked you to install AnyDesk, TeamViewer, Quick Support, or any remote-access app, your device may still be compromised.
Run SeraphSecure to detect and remove it →Red flags
- ⚠ Your browser's address bar shows a different URL than the link you just clicked — you were silently redirected through an invisible chain
- ⚠ A page briefly flashes white or grey before you land on an unexpected website asking for your login credentials
- ⚠ A search result for a familiar brand (your bank, the IRS, a healthcare portal) lands you on a site that looks identical to the real one but has a slightly different URL
- ⚠ A sponsored advertisement for a service you regularly use deposits you on a page harvesting your personal or financial information
- ⚠ A website you regularly visit suddenly redirects you to a tech-support warning, a prize notification, or a security alert — the site itself may have been compromised
Sources
- FBI IC3 — PSA260618: Cyber Criminals Redirecting Users to Fraudulent Websites with Malicious Traffic Distribution Systems (Jun 2026)
- ScamWatchHQ — The Invisible Switchboard: FBI Warns Cyber Criminals Are Using 'Traffic Distribution Systems' to Quietly Redirect You to Fraud (Jun 2026)
- Cybersecurity News — FBI Warns Cybercriminals Use Traffic Distribution Systems to Redirect Users to Fraudulent Websites (Jun 2026)